Details of VAR-202307-1941

ID

VAR-202307-1941

CVE

CVE-2023-28728

TITLE

Panasonic Made Control FPWIN Pro7 Multiple vulnerabilities in

Trust: 0.8

sources: JVNDB: JVNDB-2023-002906

DESCRIPTION

A stack-based buffer overflow in Panasonic Control FPWIN Pro versions 7.6.0.3 and all previous versions may allow arbitrary code execution when opening specially crafted project files. Panasonic Provided by Control FPWIN Pro7 contains multiple vulnerabilities: * Stack-based buffer overflow (CWE-121) - CVE-2023-28728 It was * Mistake of type (CWE-843) - CVE-2023-28729 It was * memory buffer error (CWE-119) - CVE-2023-28730 These vulnerability information are available at JPCERT/CC and reporting to product developers, After coordinating with product developers, for the purpose of dissemination to product users JVN It was announced at. Reporter : Michael Heinzl MrArbitrary code may be executed by tricking a user into reading a specially crafted file

Trust: 1.71

sources: NVD: CVE-2023-28728 // JVNDB: JVNDB-2023-002906 // VULMON: CVE-2023-28728

AFFECTED PRODUCTS

vendor:	panasonic	model:	control fpwin pro	scope:	lte	version:	7.6.0.3	Trust: 1.0
vendor:	パナソニック株式会社	model:	fpwin pro	scope:	lte	version:	7 ver. 7.6.0.3 and earlier	Trust: 0.8
vendor:	パナソニック株式会社	model:	fpwin pro	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2023-002906 // NVD: CVE-2023-28728

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2023-28728
value:	HIGH
Trust: 1.0
product-security@gg.jp.panasonic.com:	CVE-2023-28728
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2023-002906
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202307-1800
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2023-28728
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 2.0
OTHER:	JVNDB-2023-002906
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2023-002906 // CNNVD: CNNVD-202307-1800 // NVD: CVE-2023-28728 // NVD: CVE-2023-28728

PROBLEMTYPE DATA

problemtype:	CWE-121	Trust: 1.0
problemtype:	CWE-787	Trust: 1.0
problemtype:	Stack-based buffer overflow (CWE-121) [ others ]	Trust: 0.8
problemtype:	Mistake of type (CWE-843) [ others ]	Trust: 0.8
problemtype:	Buffer error (CWE-119) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2023-002906 // NVD: CVE-2023-28728

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202307-1800

PATCH

title:	software Control FPWIN Pro7 download Panasonic	url:	https://www3.panasonic.biz/ac/j/dl/software/index.jsp?series_cd=3359	Trust: 0.8
title:	Panasonic Control FPWIN Pro Security vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=247071	Trust: 0.6

sources: JVNDB: JVNDB-2023-002906 // CNNVD: CNNVD-202307-1800

EXTERNAL IDS

db:	NVD	id:	CVE-2023-28728	Trust: 3.3
db:	JVN	id:	JVNVU96622721	Trust: 0.8
db:	ICS CERT	id:	ICSA-23-192-03	Trust: 0.8
db:	JVNDB	id:	JVNDB-2023-002906	Trust: 0.8
db:	CNNVD	id:	CNNVD-202307-1800	Trust: 0.6
db:	VULMON	id:	CVE-2023-28728	Trust: 0.1

sources: VULMON: CVE-2023-28728 // JVNDB: JVNDB-2023-002906 // CNNVD: CNNVD-202307-1800 // NVD: CVE-2023-28728

REFERENCES

url:	https://industry.panasonic.eu/factory-automation/programmable-logic-controllers-plc/plc-software/programming-software-control-fpwin-pro	Trust: 1.7
url:	http://jvn.jp/vu/jvnvu96622721/index.html	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2023-28730	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2023-28728	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2023-28729	Trust: 0.8
url:	https://www.cisa.gov/news-events/ics-advisories/icsa-23-192-03	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2023-28728/	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULMON: CVE-2023-28728 // JVNDB: JVNDB-2023-002906 // CNNVD: CNNVD-202307-1800 // NVD: CVE-2023-28728

SOURCES

db:	VULMON	id:	CVE-2023-28728
db:	JVNDB	id:	JVNDB-2023-002906
db:	CNNVD	id:	CNNVD-202307-1800
db:	NVD	id:	CVE-2023-28728

LAST UPDATE DATE

2024-08-14T15:41:40.105000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2023-28728	date:	2023-07-21T00:00:00
db:	JVNDB	id:	JVNDB-2023-002906	date:	2024-04-18T08:30:00
db:	CNNVD	id:	CNNVD-202307-1800	date:	2023-07-24T00:00:00
db:	NVD	id:	CVE-2023-28728	date:	2023-07-31T20:58:56.437

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2023-28728	date:	2023-07-21T00:00:00
db:	JVNDB	id:	JVNDB-2023-002906	date:	2023-08-22T00:00:00
db:	CNNVD	id:	CNNVD-202307-1800	date:	2023-07-21T00:00:00
db:	NVD	id:	CVE-2023-28728	date:	2023-07-21T07:15:09.707